Wikileaks

Wikileaks, an information disclosure site, continues to top the headlines with the disclosure of some ~250,000 confidential U.S. government embassy cables. Since then, the site has been struggling to stay alive. While not getting into the politics of it, it’s truly fascinating to see an attack/counterattack game of keeping a site up against all adversaries.

Let’s take a look at the timeline* of events that have been kicked off since Wikileaks first announced the disclosure.

Nov 28, 2010

– Wikileaks started releasing ~250,000 U.S. embassy cables

Dec 1, 2010

– Amazon removed Wikileaks contents from its EC2 cloud

– Data visualization service Tableau Software (the company that provided visualization for navigating the leaked cables) withdrew its support for Wikileaks

Dec 3, 2010

– EveryDNS.com experienced DoS attempts and withdrew its support for Wikileaks

Wikileaks.org is down after its hosting providers kicked it out. However, in order to take it down, authorities had to go beyond the normal fare of DDoS attacks and such. Instead, they had to use a power play to ensure that servers are not hosting it. They had to do so because cloud hosting services typically have better resilience against such DoS attempts.

Regardless of how Wikileaks.org went down, the digital nature of the contents is still keeping it alive. Wikileaks.ch is now hosting the contents. Plus, there are some ~1100 mirrors of Wikileaks.org already available (and counting).

Warning for Users:

1. While Paypal and Mastercard have withdrawn their support for Wikileaks donations, other relatively unknown agencies have popped up to show their support. It is conceivable that attackers would try to take advantage of this situation to phish out those donations, so be on the lookout for these sites.

2. There are many anonymous retaliation groups that are setting up botnets to facilitate DDoS attacks against organizations withdrawing their support for Wikileaks. They are recruiting into their bot army by asking people to download an executable that will let their machine become part of the botnet. However, getting involved in any such activity would a) be illegal and b) potentially compromise the machine with some virus/spyware or other malicious program. Downloading these executables might open up a user’s system to further malicious activity. In short, don't download these executables.

3. While most mirrors are claiming to host the original contents, there is no assurance that the material is legitimate. Further, mirrors are not vetted and it is very much possible that malicious groups can later use them to achieve their malicious intentions. Contents distributed as torrents are signed and can be checked against a public key; however, Web sites are not. That said, be on the watch for these.